// the find
errbufferoverfl/usb-canary
A Linux or OSX tool that uses psutil to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack or Pushover.
A Python daemon that watches for USB device changes while your screen is locked and fires off alerts via Slack, Twilio SMS, or Pushover. Useful for physical security monitoring on unattended Linux/macOS machines. Last touched in 2017, so treat it as a historical reference rather than something you'd run today.
Paranoid mode runs 24/7 without requiring a screensaver, which makes it actually usable on headless servers. The exit code table is unusually thorough — you can tell exactly what misconfiguration happened without grepping logs. Notification backends are properly separated into their own modules so adding a new one doesn't require touching the core loop. The screensaver detection via apt package inspection is a pragmatic hack that works on the supported distros.
Abandoned since 2017 — pinned to slackclient 1.0.9 and twilio 5.7.0, both of which have had breaking API changes; this won't work against current Slack or Twilio APIs without patching. Detection relies entirely on psutil's device enumeration, which means it misses USB attacks that operate below the OS level (BadUSB, hardware keyloggers). Credentials stored in a plaintext settings.json sitting in the repo root is a poor security default for a security tool. No tests anywhere in the tree despite a Travis CI badge.